National Statement on Ethical
Conduct in Research Involving Humans
Part 18 - Privacy of Information
Confidentiality and Privacy
Legal Regulation
Information Privacy Principles
Information Privacy Principles and Medical Research
Privacy is a complex concept that stems from a core idea that individuals have a sphere of life from which they should be able to exclude any intrusion. Privacy can refer to the reasons on which individuals rely in reaching decisions about participation in research or in health care, the protection from interventions in the lives of persons who cannot make decisions or the freedom of individuals from observation or surveillance.
A major application of the concept of privacy is information privacy: the interest of a person in controlling access to and use of any information personal to that person. It is this application of privacy that is considered below.
Confidentiality refers to the legal and ethical obligation that arises from a relationship in which a person receives information from or about another. The recipient has an obligation not to use that information for any purpose other than that for which it was given. Traditional examples of relationships in which that obligation arises are those between doctors and patients and priests and penitents. However, the obligation can be created by contract.
Privacy is a broader concept. A person's interest in keeping personal information private relates to anyone who might have access to that information, whether through a relationship or otherwise.
At the Commonwealth level, the collection, storage, use and disclosure of personal information by Commonwealth agencies is regulated by the Privacy Act 1988. There is regulation at State and Territory level in the form of legislation related to privacy generally or the administration of agencies, or administrative codes of practice. Others have included more limited controls as part of the administrative structure of health departments and agencies.
Information Privacy Principles
The Privacy Act 1988 requires Commonwealth agencies to conform to the Information Privacy Principles (IPPs) in dealing with personal information. These principles, adapted from international standards, form a code of conduct that balances the public need for information with the interests of individuals in their privacy. The IPPs are included in Appendix 2 to this Statement.
Information Privacy Principles and Medical Research
The use of personal information for research is not exempt from the IPPs. However, a balance between the public interest in medical research and in the protection of privacy is reflected in section 95 of the Privacy Act. This provides that a Commonwealth agency may, in relation to medical research, deal with personal information in ways that may infringe the IPPs if that research conforms with guidelines devised by the National Health and Medical Research Council (NHMRC) and approved by the Privacy Commissioner. Footnote 8
18.1 An HREC must be satisfied that a research proposal conforms to all relevant Commonwealth, State or Territory privacy legislation or codes of practice.
18.2 An HREC must be satisfied that, where a research proposal involves the collection, storage, disclosure or other use of personal information, the privacy of persons to whom that information relates is protected. In most situations, conformity to the IPPs provides an acceptable standard of protection.
18.3 Where a proposal for medical research may involve a breach of the Information Privacy Principles, the HREC must follow the guidelines contained in Aspects of Privacy in Medical Research (1995) [Under review].
18.4 Generally the consent of participants in research should be obtained for the use of their personal information where:
(a) the information is to be held on registers for use by researchers in future research projects; or(b) the information is to be disclosed to other persons for use in future research projects.
18.5 In research based on linkages between records, an HREC may permit personal information to be used to enable the record linkage without consent if it is satisfied that:
(a) the identity of participants is not disclosed except for the purposes of record linkage and is not retained once record linkage has been completed;(b) identifying information is used with sufficient security; and
(c) the research has public benefit.
Footnote
8 Included in NHMRC, Aspects of Privacy in Medical Research, AGPS, Canberra, 1995 [Under review}.
[Preamble] [Part 1] [Part 2] [Part 3] [Part 4] [Part 5] [Part 6]
[Part 7] [Part 8] [Part 9] [Part 10] [Part 11] [Part 12] [Part 13]
[Part 14] [Part 15] [Part 16] [Part 17] [Part 18] [Part 19]
[Appendix 1] [Appendix 2] [Appendix 3]